In 2024, cybersecurity attacks made headlines. From the massive SaltTyphoon telecommunications breach to BlackCat ransomware group shutting down Change Healthcare’s systems, no industry left 2024 unscathed.
While these high-profile attacks will continue to make headlines this year, small to medium businesses (SMBs) also face an uptick in cyberattacks, but with far less resources. In fact, OpenText Cybersecurity’s 2024 Global Ransomware Survey found that 76% of SMB respondents experienced a ransomware attack within the last year, outpacing the rate of attacks reported by larger enterprises.
This year, increasingly sophisticated technology including AI will require businesses to rethink their security strategies to address intricate, highly complex threats and adopt a more integrated approach to protecting their digital environments.
Below are three critical trends in the year ahead — and the steps they can take to stay ahead of the curve – that businesses need to be aware of.
- AI-Powered Threats – and Solutions – Will Reshape SMB Cybersecurity Strategies
2024 saw an AI boom, and 2025 will deliver on the promises made by both vendors and bad actors around AI in cybersecurity. Businesses will be increasingly targeted by AI-augmented attacks, including highly adaptive malware and phishing campaigns that evolve in real time to bypass traditional defenses.
The Financial Times recently reported that corporate executives are being hit by highly personalized, sophisticated phishing scams, likely powered by AI to enhance attack precision and effectiveness. With over 90% of successful cyberattacks stemming from phishing emails, businesses will expand their defenses past traditional methods like endpoint security and standard email filters, which will no longer suffice against these advanced threats.
To counter AI-augmented attacks, businesses will adopt AI-powered security solutions that provide continuous, automated protection and response capabilities. For example, employing AI-powered managed detection and response (MDR) solutions will provide organizations with continuous threat hunting and monitoring, allowing them to identify attacks in real time, reducing vulnerability to modern threats and preventing damage and breaches.
- Ransomware and Supply Chain Attacks Converge to Put the Pressure on SMBs
Ransomware remains a leading threat to all organizations, with tactics evolving in both severity and frequency. With businesses often viewed as low-hanging fruit due to limited budget and security resources, they will continue to be a prime target of ransomware in 2025. To maximize impact, ransomware attackers will utilize “breadth attacks,” prioritizing scale over sophistication by casting a wide net across smaller targets with limited defenses.
The OpenText Ransomware Survey also highlighted growing alarm over ransomware attacks targeting software supply chains, with 91% of organizations expressing concern about attacks on a company’s downstream software supply chain, third-party and connected partners. This trend is particularly pressing for SMBs, which often rely on a small network of managed service providers and third-party platforms, making them more vulnerable to supply chain threats than their larger counterparts.
To defend against these dual threats, businesses will need to think critically about their defenses, assessing vendors more closely for risk, adopting zero-trust principles and streamlining their security stacks to reduce exposure.
- Zero-Trust and Proactive Defense Move from a Nice-to-Have to a Must-Have
As SMBs adapt to evolving threats in 2025, zero-trust frameworks will no longer be just aspirational, but essential. Businesses will increasingly implement zero-trust principles to reduce vulnerabilities and significantly minimize the impact of attacks and breaches.
A simple, cost-effective approach to building a strong zero-trust foundation starts with securing identities through multi-factor authentication (MFA) and role-based access controls, ensuring only verified users and compliant devices can access resources. From there, businesses should ensure endpoint protection with antivirus and device management tools, segment their networks to limit potential breaches and use tools to detect and respond to threats.
As we move into 2025, SMBs must prioritize a layered defense strategy to navigate an increasingly complex cybersecurity landscape. By pairing foundational frameworks like zero-trust with technologies like AI-driven monitoring, detection and response, even resource-constrained businesses will create a more holistic and resilient security posture.
For many, partnering with a managed security service provider (MSSP) can greatly help in scaling solutions needed to manage modern challenges. Through strategic partnerships and a multi-layered approach, businesses can confidently safeguard their digital environments against evolving threats.
About the Author
George Skaff is SVP & General Manager, Cybersecurity SMB at OpenText, where he leads a worldwide go to market group that strives to deliver competitive cybersecurity solutions for the SMB market globally. George is also the General Manager for the Cybersecurity Consumer business.
Most recently, he was SVP of Marketing for Daon, a company focus on market leading identity verification and biometric authentication solutions for various verticals.
Before that he was the General Manager of the Digital Line of Business at Nuance Communications. Prior to that role, he served as the Head of WW Marketing at Nuance Enterprise Division, which included the security and biometrics business.
George has more than 30 years of experience at both publicly and privately held companies, primarily in the SaaS space. He has held various senior positions at global companies including SGI (acquired by HP), Wyse (acquired by Dell), NEC computers and Logitech.
George speaks three languages fluently and has lived and worked in many international time zones. He enjoys the outdoors whenever he can, whether he is hiking, golfing or playing pickleball.
George Skaff can be reached at https://www.linkedin.com/in/gskaff/
